1. Field of the Invention
The field of the invention is data processing, or, more specifically, methods, apparatus, and products for variable dynamic throttling of network traffic for intrusion prevention.
2. Description of Related Art
The development of the EDVAC computer system of 1948 is often cited as the beginning of the computer era. Since that time, computer systems have evolved into extremely complicated devices. Today's computers are much more sophisticated than early systems such as the EDVAC. Computer systems typically include a combination of hardware and software components, application programs, operating systems, processors, buses, memory, input/output devices, and so on. As advances in semiconductor processing and computer architecture push the performance of the computer higher and higher, more sophisticated computer software has evolved to take advantage of the higher performance of the hardware, resulting in computer systems today that are much more powerful than just a few years ago.
One of the areas in which progress has been made is in variable dynamic throttling of network traffic for intrusion prevention. Data communications networks are bombarded with suspicious network traffic. Some of that traffic is malicious and of the denial-of-service variety, such as, for example, floods or echo requests directed to broadcast or multicast addresses. Some of it is slow and stealthy, such as, for example, port scanning, in which a potential intruder designs each probe to learn a little more about the network host.
In the current art, firewalls are used to filter out traffic from unfamiliar IP addresses, and for those intrusions that make it through a firewall, IP address filters can be used on a network host to permit or deny data communications packets. In addition to IP filtering, Quality of Service (‘QoS’) policies can be created to control network congestion by specifying connection rates and burst limits. Once IP filters or QoS policies are engaged, however, it takes intervention by a system administrator to disengage them.
Also in the current art, in intrusion detection systems (‘IDS’), potential intruders and their network flows are typically completely denied or blocked. It is often impossible to distinguish between a good client generating an unusually high volume of network traffic and an intruder trying to disrupt or compromise a network host. As a result, a good client can be classified as an intruder and consequently be denied access to the network host.
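The two related-art controls just described (a QoS policy with a connection rate and burst limit, and an IP filter that stays engaged until an administrator clears it) and the failure mode they share can be illustrated with a small simulation. The following is an added example written for this description; it is not code from the application or from any product. The traffic, the addresses and the class and function names (StaticPolicyHost, admin_clear, run) are constructed for the illustration, and the clock is a virtual one so the run is deterministic.

```python
"""Simulation of static rate limiting plus a sticky deny filter.

A per-source token bucket enforces a connection rate and a burst limit
(the QoS-policy parameters in the text). A source that exhausts its
burst is added to a deny list that stays in force until admin_clear()
is called, mirroring the need for administrator intervention.
All traffic below is constructed, not captured.
"""
from collections import defaultdict


class TokenBucket:
    """Refills `rate` tokens per second up to `burst`; one token per connection."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        # Refill for the time elapsed since the last decision, capped at burst.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class StaticPolicyHost:
    """A network host applying a QoS bucket per source and a static deny list."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.buckets = {}
        self.denied = set()
        self.stats = defaultdict(lambda: {"accepted": 0, "dropped": 0})

    def handle(self, src, now):
        """Return True if the connection from `src` at time `now` is accepted."""
        s = self.stats[src]
        if src in self.denied:                       # filter already engaged
            s["dropped"] += 1
            return False
        bucket = self.buckets.setdefault(src, TokenBucket(self.rate, self.burst))
        if bucket.allow(now):
            s["accepted"] += 1
            return True
        self.denied.add(src)                         # burst exceeded: block outright
        s["dropped"] += 1
        return False

    def admin_clear(self, src):
        """The manual intervention needed to disengage the filter."""
        self.denied.discard(src)


def constructed_traffic():
    """Two sources: a legitimate client with one busy burst, and a flood."""
    events = []
    # Good client (hypothetical 10.0.0.5): 20 connections in 0.5 s, e.g. a
    # page-load fan-out, followed by one connection per second for 10 s.
    for i in range(20):
        events.append((0.025 * i, "10.0.0.5"))
    for i in range(10):
        events.append((1.0 + i, "10.0.0.5"))
    # Flood (hypothetical 203.0.113.9): 200 connections in 1 s.
    for i in range(200):
        events.append((0.005 * i, "203.0.113.9"))
    events.sort()
    return events


def run(rate=5.0, burst=10):
    """Replay the constructed traffic through a host with the given QoS policy."""
    host = StaticPolicyHost(rate, burst)
    for t, src in constructed_traffic():
        host.handle(src, t)
    return host


if __name__ == "__main__":
    host = run()
    for src in sorted(host.stats):
        print(src, dict(host.stats[src]), "denied" if src in host.denied else "ok")
```

With a policy of 5 connections per second and a burst of 10, the flood is cut off after 10 connections, as intended, but the good client is cut off after 11: its short burst looks identical to the policy, and every one of its later, well-spaced connections is dropped because the deny entry persists until admin_clear() is called. The policy distinguishes the two sources only by how long they keep sending, which it never gets to observe.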